Package: libcurl-openssl-dev Version: 7.52.1-5+deb9u7
Building an application on Stretch using libcurl in a multithreaded manner accessing https URLs will result in random crashes. Setting up the OpenSSL locks required by 1.0.2 (CRYPTO_set_id_callback() and CRYPTO_set_locking_callback()) is complicated by the fact that the system OpenSSL headers and library is 1.1. It may simply be a matter of rebuilding libcurl to link against 1.1, as work to support 1.1 in libcurl started in 2014. Otherwise the OpenSSL wiki ( https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#cURL ) mentions a single required change: "SSL_SESSION->ssl_version. Replaced with SSL_version(SSL *)". See also https://curl.haxx.se/libcurl/c/threadsafe.html . Kind regards, Jerome St-Louis
